Description
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5241)
WordPress Plugin Lightbox Plus Colorbox Cross-Site Scripting (2.7.2)
WordPress Plugin Jock on air now Multiple Vulnerabilities (5.6.1)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11112)